SC-400 just had a major update, incorporating new domain objectives that have been lifted and adapted from the just reitred MS-500 exam (June 30, 2023). The two new objectives are Monitor and investigate data and activities by using Microsoft Purview and Manage insider and privacy risk in Microsoft 365. Because of this the previous weightings of each section had to accommodate the additions. 

It’s important to note that this exam is different in a few ways to the other exams in the SC series. The first major difference is that it really is much more focused on protecting Office 365 workloads, rather than the mix of Microsoft 365 and Azure workloads that the other exams cover. The inclusion of Azure Purview means that some additional Azure knowledge is going to be required, but at this point in the exam’s life, this isn’t a heavily weighted area.

It is also different in that this falls into the compliance side of the compliance and security conversation, so it expects you to have an understanding of the Microsoft technologies that focus on content classification, data loss prevention, governance, and protection.

What these differences potentially mean for those of you who want to do this exam is that if you already have a solid understanding of the compliance related Office 365 Enterprise E5 workloads, and have worked with Azure Information Protection, you are probably at a very good starting point. Where does that leave you if that’s not where your skills currently are?

Thankfully these gaps will be pretty easy for you to fill, especially when they are workload related. Make sure that you understand the terms that are used for protection inside of Teams, Exchange, and SharePoint, for example, so that you aren’t getting caught out on feature terminology. You don’t need to be an expert in the individual products just mentioned, instead just make sure you’ve been through some introductory concepts that introduce features and terminology. My suggestion is that use Microsoft Learn modules for this, rather than trying to finding the relevant Microsoft Docs pages.

Implement Information Protection (25-30%)

Create and manage sensitive information types

• Identify sensitive information requirements for an organization’s data
  • Learn about sensitive information types
• Translate sensitive information requirements into built-in or custom sensitive info types
  • Know your data, protect your data, prevent data loss
• Create and manage custom sensitive information types
  • Customize a built-in sensitive information type
  • Create a keyword dictionary
• Create and manage exact data match (EDM) classifiers
  • Create custom sensitive information types with Exact Data Match based classification
• Implement document fingerprinting
  • Document Fingerprinting

Create and manage trainable classifiers

• Identify when to use trainable classifiers
  • Learn about trainable classifiers
• Design and create a trainable classifier
  • Get started with trainable classifiers
• Test a trainable classifier
  • Get started with trainable classifiers
• Retrain a trainable classifier
  • How to retrain a classifier in content explorer

Implement and manage sensitivity labels

• Implement roles and permissions for administering sensitivity labels
  • Permissions required to create and manage sensitivity labels
• Design and create sensitivity labels
  • Get started with sensitivity labels
  • Use sensitivity labels with teams, groups, and sites
  • How to apply sensitivity labels in Power BI
  • Manage sensitivity labels in Office apps
• Configure and manage sensitivity label policies
  • Create and publish sensitivity labels
• Configure auto-labeling policies for sensitivity labels
  • Apply a sensitivity label to content automatically
  • Use sensitivity labels with teams, groups, and sites
• Monitor data classification and label usage by using Content explorer, Activity explorer and audit search
  • Get started with content explorer
  • Get started with activity explorer
  • Search the audit log in the Microsoft Purview compliance portal
• Apply bulk classification to on-premises data by using the Microsoft Purview Information Protection scanner
  • Running the Microsoft Purview Information Protection scanner
• Manage protection settings and marking for applied sensitivity labels
  • What sensitivity labels can do
  • Configure and deploy classification and labeling

Design and implement encryption for email messages

• Design an email encryption solution based on methods available in Microsoft 365
  • Email encryption
• Implement Microsoft Purview Message Encryption
  • Office 365 Message Encryption (OME)
• implement Microsoft Purview Advanced Message Encryption
  • Advanced Message Encryption

Implement Data Loss Prevention (15-20%)

Create and configure data loss prevention (DLP) policies

• Design DLP policies based on an organization’s requirements
  • Plan for data loss prevention
• Configure permissions for DLP
  • How DLP works between the Security & Compliance Center and Exchange admin center
• Create and manage DLP policies
  • Create, test, and tune a DLP policy
  • Data Loss Prevention Reference
• Interpret policy and rule precedence in DLP
  • The priority by which rules are processed
• configure DLP policies for Microsoft Exchange Online, Microsoft SharePoint Online, Microsoft OneDrive, Microsoft Teams, Microsoft Power BI, and on-premises repositories
  • Data Loss Prevention Reference
  • DLP and Microsoft Teams
• Configure file policies in Microsoft Defender for Cloud Apps to use DLP policies
  • Integrate Microsoft Purview Information Protection with Defender for Cloud Apps
  • Control cloud apps with policies

Implement and monitor Microsoft Endpoint DLP

• Configure advanced DLP rules for devices in DLP policies
  • Get started with Endpoint data loss prevention
• Configure Endpoint DLP settings
  • Using Endpoint data loss prevention
  • Configure device proxy and internet connection settings for information protection
• Recommend a deployment method for device onboarding
  • Windows 10 and Windows 11 Onboarding procedures
  • macOS onboarding procedures
• Identify endpoint requirements for device onboarding
  • Get started with Endpoint data loss prevention
• Monitor endpoint activities
  • Viewing Endpoint DLP data in activity explorer
• Implement the Microsoft Purview Extension
  • Get started with the Microsoft Purview Extension

Monitor and manage DLP activities

• Analyze DLP reports
  • Learn about the data loss prevention Alerts dashboard
• Analyze DLP activities by using Activity explorer
  • View the DLP reports
• Remediate DLP alerts in the Microsoft Purview compliance portal
  • Configure and view alerts for DLP policies
  • Give users access to the Security & Compliance Center
• Remediate DLP alerts generated by Defender for Cloud Apps
  • Manage alerts

Implement Information Governance (10-15%)

Retain and delete data by using retention labels

• Plan for information retention and disposition by using retention labels
  • Learn about retention policies & retention labels
• Create retention labels for data lifecycle management
  • Create retention policies
• Configure and manage adaptive scopes
  • Scopes – adaptive and static
• Configure a retention label policy to publish labels
  • Retention policies and labels
• Configure a retention label policy to auto-apply labels
  • Apply a retention label to content automatically
• Interpret the results of policy precedence, including using Policy lookup
  • The principles of retention, or what takes precedence?

Manage data retention in Microsoft 365 workloads

• Create and apply retention policies for Microsoft SharePoint and OneDrive
  • Retention for SharePoint and OneDrive
• Create and apply retention policies for Microsoft 365 groups
  • Configuration information for Microsoft 365 Group mailboxes & sites
• Create and apply retention policies for Microsoft Teams
  • Retention for Microsoft Teams
• Create and apply retention policies for Yammer
  • Learn about retention for Yammer
• Create and apply retention policies for Exchange Online
  • Retention for Exchange
• Apply mailbox holds in Exchange Online
  • Create a Litigation Hold
  • How to identify the type of hold placed on a mailbox
• Implement Exchange Online archiving policies
  • Enable autoexpanding archiving
  • Set up an archive and deletion policy for mailboxes
• Configure preservation locks for retention policies and retention label policies
  • Lock policies to restrict changes
• Recover retained content in Microsoft 365
  • TeamsSharePointOneDriveEnable or disable single item recovery for a mailbox.
  • Recover an inactive mailbox
  • Restore an inactive mailbox

Implement Microsoft Purview records management

• Create and configure retention labels for records management
  • Learn about records management
  • Get started with records management
• Manage retention labels by using a file plan, including file plan descriptors
  • Use file plan
  • Create retention labels and apply them in apps
  • Apply a retention label to content automatically
• Classify records by using retention labels and retention label policies
  • Get started with records management
• Manage event-based retention
  • Start retention when an event occurs
• Manage the disposition of content in records management
  • Manage disposition of data
• Configure records management settings, including retention label settings and disposition settings
  • Create retention labels and apply them in apps
  • Use retention labels to manage the lifecycle of documents stored in SharePoint

Monitor and investigate data and activities by using Microsoft Purview (15–20%)

Plan and manage regulatory requirements by using Microsoft Purview Compliance Manager

• Plan for regulatory compliance in Microsoft 365
  • Recommended action plan for GDPR
  • Customize or create new sensitive information types for GDPR
  • Office 365 Data Service Requests
  • Office 365 Data Subject Requests for the GDPR and CCPA
• Create and manage assessments
  • Get started with Compliance Manager
  • Build and manage assessments in Microsoft Purview Compliance Manager
• Create and modify custom templates
  • Build and manage assessments in Microsoft Purview Compliance Manager
• Interpret and manage improvement actions
  • Working with improvement actions in Microsoft Purview Compliance Manager
• Create and manage alert policies for assessments
  • Create and manage alert policies

Plan and manage eDiscovery and Content search

• Choose between eDiscovery (Standard) and eDiscovery (Premium) based on an organization’s requirements
  • Microsoft Purview eDiscovery solutions
• Plan and implement eDiscovery
  • Manage legal investigations
• Delegate permissions to use eDiscovery and Content search
  • Assign eDiscovery permissions
• Perform searches and respond to results from eDiscovery
  • Create and manage eDiscovery cases
• Manage eDiscovery cases
  • Search for content in a case
• Perform searches by using Content search
  • Export Content Search results 

Manage and analyze audit logs and reports in Microsoft Purview

• Choose between Audit (Standard) and Audit (Premium) based on an organization’s requirements
  • Auditing and Reporting
• Plan for and configure auditing
  • Turn Office 365 audit log search on or off.
  • Auditing and reporting in Microsoft cloud services
• Investigate activities by using the unified audit log
  • Search the audit log in the Microsoft Purview compliance portal
• Review and interpret compliance reports and dashboards
  • Microsoft 365 admin center activity reports
• Configure alert policies
  • Default alert policies
  • Alert policies
• Configure audit retention policies
  • Manage audit log retention policies

Manage insider and privacy risk in Microsoft 365 (15–20%)

Implement and manage Microsoft Purview Communication Compliance

• Plan for communication compliance
  • Get started with communication compliance
• Create and manage communication compliance policies
  • Configure supervision policies for your organization
• Investigate and remediate communication compliance alerts and reports
  • Communication compliance in Microsoft 365

Implement and manage Microsoft Purview Insider Risk Management

• Plan for insider risk management
  • Get started with insider risk management.
• Create and manage insider risk management policies
  • Create an insider risk policy
• Investigate and remediate insider risk activities, alerts, and reports
  • Insider risk management content explorer
• Manage insider risk cases
  • Take action on insider risk cases
• Manage forensic evidence settings
  • Get started with insider risk management forensic evidence
  • Manage insider risk management forensic evidence
• Manage notice templates
  • Create insider risk notice templates

Implement and manage Microsoft Purview Information Barriers (IBs)

• Plan for IBs
  • Information barriers
• Create and manage IB segments and policies
  • Get started with information barriers
• Configure Teams, SharePoint Online, and OneDrive to enforce IBs, including setting barrier modes
  •  Configuration for information barriers on SharePoint and OneDrive 
  • Information barriers and Shared Channels
• Investigate issues with IB policies
  • Issues related to information barrier policies

Implement and manage privacy requirements by using Microsoft Priva

• Configure and maintain privacy risk management
  • Learn how to create and manage policies
• Create and manage Privacy Risk Management policies
  • Create a data overexposure policy
  • Create a data transfer policy
  • Create a data minimization policy
• Identify and monitor potential risks involving personal data
  • Learn about Privacy Risk Management
• Evaluate and remediate alerts and issues
  • Investigate and remediate alerts
• Implement and manage subject rights requests
  • Learn about Subject Rights Requests